HBase / HBASE-21602 Procedure v2 access control / HBASE-21814

Remove the TODO in AccessControlLists#addUserPermission

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha-1, 2.2.0, 2.3.0
    • None
    • None

    Description

      The TODO was added by me, because this method happens within the RS. The old impl used a login user (User.runAsLoginUser, where the login user is the user who started the RS process) to call Table.put(). And it will check the permission when putting a record to the ACL table. At RpcServer we have a ThreadLocal where we keep the CallContext, and inside that the current RPC called user info is set. We need Table.put(List<Put>) to change to a new thread, and so the old ThreadLocal variable is not accessible, and so it looks as if there is no RPC context and we were relying on the super user who starts the RS process.

       

      User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm,
            regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME),
            request.getMergeExistingPermissions());
          return null;
        }
      });
      

       

      But after HBASE-21739, there is no need for User.runAsLoginUser, because we will call the Admin method to grant/revoke. And this will be executed in the master and use the master user (the user who started the master process) to call Table.put. So this is not a problem now.
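
The thread hand-off described above, as an added example that is not code from this issue or from HBase: a caller identity kept in a ThreadLocal is invisible to a pooled worker thread, so an identity lookup there falls back to the process login user. All class, method and user names below are hypothetical stand-ins; the last method shows the general capture-and-restore pattern, which goes beyond what the issue itself describes.

```java
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration; names are hypothetical and are not HBase APIs.
public class RpcContextDemo {
  // Stand-in for the per-handler-thread RPC call context.
  private static final ThreadLocal<String> CURRENT_CALLER = new ThreadLocal<>();
  // Stand-in for the user who started the server process (constructed value).
  private static final String LOGIN_USER = "hbase";

  // Identity a permission check would see on the thread that calls it.
  static String effectiveUser() {
    return Optional.ofNullable(CURRENT_CALLER.get()).orElse(LOGIN_USER);
  }

  // Run the lookup on a worker thread: the handler's ThreadLocal is not visible there.
  static String lookupOnWorker(ExecutorService pool) throws Exception {
    Callable<String> task = RpcContextDemo::effectiveUser;
    return pool.submit(task).get();
  }

  // Capture the caller on the handler thread and restore it on the worker.
  static String lookupOnWorkerWithCaller(ExecutorService pool) throws Exception {
    final String caller = CURRENT_CALLER.get();
    Callable<String> task = () -> {
      CURRENT_CALLER.set(caller);
      try {
        return effectiveUser();
      } finally {
        CURRENT_CALLER.remove(); // do not leak the identity to the next pooled task
      }
    };
    return pool.submit(task).get();
  }

  public static void main(String[] args) throws Exception {
    ExecutorService pool = Executors.newSingleThreadExecutor();
    try {
      CURRENT_CALLER.set("alice"); // handler thread: an RPC arrives from alice
      System.out.println("handler thread sees:         " + effectiveUser());
      System.out.println("worker thread sees:          " + lookupOnWorker(pool));
      System.out.println("worker with captured caller: " + lookupOnWorkerWithCaller(pool));
    } finally {
      CURRENT_CALLER.remove();
      pool.shutdown();
    }
  }
}
```

The middle line of output is the case to look for in review: any authorization decision made on that worker thread is evaluated against the process identity rather than the requesting user.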

      Attachments

        1. HBASE-21814.master.002.patch
          2 kB
          Guanghao Zhang
        2. HBASE-21814.master.001.patch
          2 kB
          Guanghao Zhang

            People

              zghao Guanghao Zhang